Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
User1234
Contributor

Unrecognized parameter access-layers

Hi!

When executing an Ansible task for check_point.mgmt.cp_mgmt_package with

 

- name: set policy/package
      check_point.mgmt.cp_mgmt_package:
        name: default-policy
        access: true
        access_layers:
          add:
            - name: default-layer
              position: 1

 

it exits with an error

 

FAILED! => {"changed": false, "msg": "Checkpoint device returned error 400 with message {u'message': u'Unrecognized parameter [access-layers]', u'code': u'generic_err_invalid_parameter_name'} Unpublished changes were discarded"

 

Am I doing something wrong? I think the ansible task is used correctly. (Any other CP-related tasks are working fine.)
I recognise that the task uses 'access_layers' with an underscore while the error message contains 'access-layers' with a minus. The ansible documentation and examples use the underscore while the corresponding mgmt-api uses the minus. Is this a bug/typo?

0 Kudos
8 Replies
the_rock
Legend
Legend

Good question...it could be a typo or a bug, or both actually. That was the first thing I noticed when looking at the output. Lets see if someone else can confirm.

0 Kudos
Art_Zalenekas
Employee
Employee

It does work for me. I just added a Shared Layer into position #2. With remove parameter you can take the non-default layers out.

- name: set policy/package
  check_point.mgmt.cp_mgmt_package:
    name: Home
    access: true
    access_layers:
      add:
        - name: ApplCtrl
          position: 2

 

Kind regards,
Art

0 Kudos
User1234
Contributor

I am also not able to add a shared layer into position 2, same error. I am using the latest version 2.2.0.
So, actually, I want to add a new policy with a new access layer and only have this access layer in the policy. I am grateful for any guidance.

0 Kudos
Art_Zalenekas
Employee
Employee

Once you create a new policy, it also creates the default policy in the format "<Policy Name> Network". This layer cannot be removed, but you can add another layer above the default policy.

What version is your management server and are you using MDS environment? I ran Ansible (2.2.0) and mgmt_cli call against R81.10 T22 SMS.

0 Kudos
User1234
Contributor

Alright.

It is a fresh installed R81.10 T22 without MDS. Ansible version 2.2.0

0 Kudos
Art_Zalenekas
Employee
Employee

OK, so you run exactly the same environment. Try what I said in my statement above.

0 Kudos
User1234
Contributor

I am afraid it does not work.

I tried to create the access-layer before and after policy creation and insert it to position 0,1,2,3. Still the same error message.

To be honest, I don't think the server even parses the name and position parameters as it raises an exception at the parameter access-layer which is one level on top.

0 Kudos
Art_Zalenekas
Employee
Employee

It should work. Your positioning cannot be 0. It starts at 1. Also, you cannot move the default layer, but custom.

Try adding new policy, add some layers, move them out and through API add them again. It worked for me.

0 Kudos
Upcoming Events

    CheckMates Events